Senior Manager, Information Security

Job Description

Job Summary

The primary purpose of this role is to manage a team focused on defining, implementing and/or maintaining processes and tools that support enterprise technology security. This includes accountability for optimizing performance of services that span security and technology domains, including Operations, Policy, Governance and Delivery.

In addition, this role provides insight and recommendations to inform the ongoing strategy for health and care of assigned security processes and tools.

This individual manages people which includes responsibility for setting individual and team expectations, delegating assignments and managing performance, identifying talent needs, and coaching and developing team members.

With a focus specifically onNetwork Security Engineering, this role manages the technical aspects of developing, implementing and maintaining security infrastructure systems within various computing environments. This role manages team(s) through all system development lifecycle phases and provides insight and recommendations to inform the ongoing strategy for health and care of assigned domain(s) and/or platform(s).

With a focus specifically onSecurity Threat & Vulnerability, this role manages a team and associated processes focused on vulnerability identification or remediation. This includes providing day-to-day management of information security and risk activities, including oversight of vulnerability assessments and remediation programs serving both internal and external stakeholders.

Qualifications

Minimum Qualifications

Bachelors Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)

10+ years IT experience with a broad range of exposure to all aspects of business/system planning, analysis, and application development

10+ years of experience leading project or technical teams with or without formal direct report responsibility; this includes experience providing technical direction, thought leadership, coaching and mentoring to team members

10+ years of experience with information security tools, concepts and practices

Familiarity with multi-platform technology environments and their operational/security considerations

Experience managing projects and project resources to meet goals on simultaneous/multiple projects

Preferred Qualifications

Master s Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field

IT experience in the retail industry

Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)

Experience in a PCI/Retail technology environment

Leadership experience with direct report responsibility

Experience managing in an Agile environment

Experience leading global teams

Experience with process management methodologies such as Six Sigma or ITIL Delivery methodologies (Agile, Scrum, SAFe)

Broad knowledge of infrastructure (network and servers), network architecture, services and security policies

Security Governance, Risk & Compliance

4 years of experience in one or more of the following fields: technical, security or privacy education/training, information security, external/internal audit, risk management (specific to Security Governance, Risk and Compliance role)

3 years of experience conducting or leading PCI-DSS assessments (specific to Security Governance, Risk and Compliance role)

Network Security Engineering

10+years of experience in Security Engineering (specific to Security Engineering role)

Advanced knowledge of core Information Security concepts related to security infrastructure components (specific to Security Engineering role)

Knowledge of retail regulatory scope (PCI, SOX, etc.) (specific to Security Engineering role)

5 years of experience in Security Engineering (VPN, layer 4 to layer 7 firewalls, etc.) (specific to Security Engineering role)

Security Threat & Vulnerability

6 years of experience in Information, Network, or Application Security (specific to Security Threat & Vulnerability role)

Advanced knowledge of core Information Security concepts related to Threat and Vulnerability Management or Offensive security testing (specific to Security Threat & Vulnerability role)

- Knowledge of retail regulatory scope (PCI, SOX, etc.) (specific to Security Threat & Vulnerability role)

---